daily system administration

Linux, Debian and the rest
any questions or comments: Tom@d7031.de

Using Apache2-module proxy_balancer as fallback solution for the backend

My servers are mostly work with a normal load, but sometimes they have stress. In some cases the content application like TYPO3 or TomCat could not handle the mass of requests. So I’ve been searched for a automatic solution to display a busy-Page.

The Apache-Modul mod_proxy_balancer provides a solution for me. It doesn’t matter if the content is on the same machine or hosted on dedicated server(s) in the background. The difference is only the source loopback or some foreign IP addresses.

This modules should be loaded: proxy proxy_balancer proxy_http and if you use SSL to the backend _proxyconnect.

The first step is configure the apache to deliver the busy-page and the balancer-manager over the loopback interface:

        ServerAdmin webmaster@domain.tld

        DocumentRoot /srv/busypage/
       <Directory />
                Options None
                AllowOverride None
        <Directory /srv/busypage/>
                Options None
                AllowOverride None
                Order allow,deny
                allow from all

        <Location /balancer-manager>
                SetHandler balancer-manager

                Order Deny,Allow
                Deny from all
                Allow from

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        ErrorLog /var/log/apache2/error-busypage.log
        CustomLog /var/log/apache2/access-busypage.log combined


Now you can setup your frontend apache server. I prefer using SSL and redirect all traffic to the https port.

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@domain.tld
        ServerName www.domain.tld
        ServerAlias name.domain.tld

        <Directory />
                Options None
                AllowOverride None

# SSl keys and chain
        SSLEngine on
        SSLCertificateFile    /etc/apache2/ssl/public.cert
        SSLCertificateKeyFile /etc/apache2/ssl/private.key
        SSLCertificateChainFile /etc/apache2/ssl/intermediate.cert

# secure the server against BEAST attack on TLS
        SSLHonorCipherOrder On
        SSLCipherSuite RC4-SHA:HIGH:!ADH

# proxy configuration
        ProxyRequests Off
        ProxyPreserveHost On

       <Proxy *>
                # hide some headers
                Header unset Server
                Header unset X-Powered-By

                SetEnv proxy-nokeepalive 1
                SetEnv force-proxy-request-1.0 1
                Order deny,allow
                Allow from all
        # here is the loadbalancer and fallback part
        <Proxy balancer://fallback>
                BalancerMember http://your.internal.server/         retry=10
                # the fallback
                BalancerMember                  status=+H
                ProxySet lbmethod=bytraffic

        <Location />
                # Commpression
                SetOutputFilter DEFLATE
                BrowserMatch ^Mozilla/4 gzip-only-text/html
                BrowserMatch ^Mozilla/4\.0[678] no-gzip
                BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
                SetEnvIfNoCase Request_URI \
                 \.(?:gif|jpe?g|png)$ no-gzip dont-vary
                Header append Vary User-Agent env=!dont-vary

                Order allow,deny
                allow from all

                ProxyPassReverse http://your.internal.server/
                ProxyPass  balancer://fallback

# Logging
        LogLevel warn
        ErrorLog /var/log/apache2/error-ssl-balancer.log
        CustomLog /var/log/apache2/access-ssl-balancer.log sslcombineddeflate

# Caching
<IfModule mod_mem_cache.c>
        CacheEnable mem /
        MCacheSize 4096
        MCacheMaxObjectCount 100
        MCacheMinObjectSize 1
        MCacheMaxObjectSize 2048


That’s all.